Don’t Let Zombie Accounts Leave an Opening for Cybercriminals to Slide into Your Systems and Data.

Everyone has accounts that they don’t use anymore. It could be an old subscription, an e-commerce store you no longer visit, a professional service you no longer need. These “zombie accounts” still hold data pitfalls like passwords, your personally identifiable information (PII), financial details, potentially credit and debit card details, business data, and other information that can put you and your business at risk.

Every day, thousands of lists of user credentials like email and password combinations are sold in Dark Web data markets or added to Dark Web data dumps. Complete user records stolen in past cyberattacks or scooped out of old databases are also regularly added to Dark Web sources. In 2020 hackers dropped more than 22 million records on the Dark Web. Many of those user records have been collected from sources that are no longer in business, but you may have had a password-protected account there. According to a recent survey, the average person has over 10 old password-protected zombie accounts, and 30 percent have “too many to count.”

Just because you’ve stopped using an account or haven’t updated your information in a while, doesn’t mean those accounts don’t pose the same third-party risk as active accounts. These zombie accounts are treasure troves for cybercriminals. Old accounts provide bad actors with ammunition like an executive’s personal details to create a well-crafted spear phishing message as part of a business email compromise attack or forgotten credentials from an old shopping account that your staffer has reused, opening you up to risk for credential stuffing attacks.

Plus, new information about people and businesses is making its way to the Dark Web in a steady stream. Only 13% of victims are even aware that they’ve been impacted in a data breach. Yet millions of new user records are harvested during cybercrimes and data breaches every year. More than 22 million records were added to the Dark Web in 2020 alone, and experts estimate that 65 percent of the data on the Dark Web can harm businesses.

One major danger of zombie accounts is the risk of password compromise created by their poor password hygiene. Password reuse and recycling are endemic — 91 percent of participants in a recent survey understood the risk of password reuse but 59 percent admitted to doing it anyway.

Often, those passwords weren’t strong to begin with, and many folks simply change a character or two between their passwords as they use them for different accounts — or they’re part of the 13 percent of people who use a single password on every account and device that they use.

How can you keep zombie accounts from taking a bite out of your business? One immediate way is to make sure that every user in your system has a strong, unique password that hasn’t been recycled from somewhere else, no matter how long ago they last used it. Don’t make common password mistakes when choosing a password, don’t write it down or iterate it from another password and don’t use that password for anything else.

Putting strong mitigation in place against possible avenues of attack from cybercriminals trying to leverage data and passwords harvested from zombie accounts is a smart way for every business to boost its cyber resilience and strengthen its overall cybersecurity posture. Combine these two strong solutions to protect your systems and data from compromise due to data harvested from zombie accounts while also preventing any unpleasant surprises.

• Use Dark Web ID to proactively monitor the Dark Web for credentials from zombie accounts and other sources that can put your business in danger. With 24/7/365 human and machine analysis using real-time validated data from Dark Web markets and communications, Dark Web ID spots your stolen or leaked credentials fast and sends up a red flag to alert you to danger – giving you time to close a security gap before the bad guys slip through it.

• Passly adds essential tools that strip the power from a stolen password. Adding secure identity and access management protection means that cybercriminals who snatch a password from an ancient zombie account that someone has recycled in your system aren’t going to get anywhere with it. Multifactor authentication can halt up to 99 percent of password-based cybercrime on its own. It only takes a second for your legitimate users to use a second identifier (e.g., a code or a token) to prove their identity. Plus, features like single sign-on and easy remote management make it easy for your IT team to defend against cyberattacks.

Make sure that your company is protected from nasty surprises like credential exposure from zombie accounts. Contact Forint today for a look at your Dark Web dangers. Let us help you secure your business and your customers against the threat of a cybersecurity disaster caused by an old account coming back to haunt you.